David Barrett wrote: > If there's an unusually expensive centralized operation that's causing the > problem, it must be something unique to Skype, meaning something due to > their p2p system. > > As I remember, Skype's own published audit of their security model showed that they compute a fresh public/private key pair (and presumably sign it) for a new user when that user logs in and is authorized by their central servers, rather than keeping a signed key at the client machine that remains valid for a period of time. This would count as an "unusually expensive" CPU load for most hardware.
There are advantages to this choice when you want to do things like cut a specific misbehaving user off, change key sizes when needed, etc. I also strongly suspect that some (probably more as they've grown and have more financial resources) of their back-end lookup operations are centralized, but I have no hard evidence of this one way or another. > Which brings me back to my question: what is the supposed value of using p2p > (for anything other than the VoIP and relay service), and is it working? > The value of "P2P" for Skype nowadays is that they have end-to-end connectivity that includes NAT traversal, including relaying of media by (unwitting) 3rd parties when needed. The media is the high-bandwidth part of this business, at least for the PC-PC calls. When they started (and had less money to spend on servers and bandwidth), it was only PC-PC calling, so that was an even bigger deal. As was decentralizing some of the bits, like presence, that make their system go. Can you, with a large amount of money, create a system that handles presence and low bandwidth (like text) messaging that is entirely centralized and supports a similar number of users? Of course,... AOL IM, Yahoo IM, and Microsoft IM are all examples of that model. Can you, as a startup, afford to build that same infrastructure and also get enough bandwidth to centralize routing of audio media? Probably not. Plus, if you've already written it once for Kazaa and have figured out that selling the same thing three or more times (Kazaa, Skype, and Joost are all simply licensees of a P2P system,... even now that Kazaa and Skype have new owners, they (via Joltid Limited) are still getting paid for the "P2P" part) is more lucrative than doing it a different way each time, you use that model. Best for the pocketbook and all. Matthew Kaufman [EMAIL PROTECTED] _______________________________________________ p2p-hackers mailing list [email protected] http://lists.zooko.com/mailman/listinfo/p2p-hackers
